b'      DEPARTMENT OF HOMELAND SECURITY\n\n       Office of Inspector General\n\n\n\n             Survey of the Information Analysis\n          And Infrastructure Protection Directorate\n\n\n\n\n Notice: The Department of Homeland Security, Office of Counsel to the Inspector General,\n has reviewed this report and excised information according to the Freedom of Information Act,\n 5 U.S.C. Section 552, as amended.\n\n\n\n\nOffice of Inspections, Evaluations, & Special Reviews\n\n OIG-04-13                                           February 2004\n\x0c\x0c                                               Preface\n\n\nThe Department of Homeland Security (DHS) Office of Inspector General (OIG) was established\nby the Homeland Security Act of 2002 (Public Law 107-296) by amendment to the Inspector\nGeneral Act of 1978. This is one of a series of audit, inspection, investigative, and special reports\nprepared by the OIG periodically as part of its oversight responsibility with respect to DHS to\nidentify and prevent fraud, waste, abuse, and mismanagement.\n\nThis report is the result of an assessment of the strengths and weaknesses of the program,\noperation, or function under review. It is based on interviews with employees and officials of\nrelevant agencies and institutions, direct observations, and a review of applicable documents.\n\nThe recommendations herein, if any, have been developed on the basis of the best knowledge\navailable to the OIG, and have been discussed in draft with those responsible for implementation.\nIt is my hope that this report will result in more effective, efficient, and/or economical operations.\nI express my appreciation to all of those who contributed to the preparation of this report.\n\n\n\n\nClark Kent Ervin\nInspector General\n\x0c\x0c                                                                                                                            Contents\n\nIntroduction.......................................................................................................................................... 1\n\n     Results in Brief .............................................................................................................................. 1\n\n     Background .................................................................................................................................... 2\n\n     Purpose, Scope and Methodology................................................................................................... 3\n\n     Programs of the Information Analysis and Infrastructure Protection Directorate (by offices\n     and divisions) ................................................................................................................................. 4\n\n           The Budgetary Programs of the IAIP....................................................................................... 4\n\n           Organizational Chart of IAIP................................................................................................... 5\n\n           Administration and Outreach \xe2\x80\x93 Office of the Under Secretary ............................................... 7\n\n           Homeland Security Operations Center .................................................................................. 10\n\n           Intelligence and Warning - Office of Information Analysis.................................................. 12\n\n           Protecting Critical Infrastructure and Key Assets \xe2\x80\x93 Office of Infrastructure Protection ....... 16\n\n     Issues for Inspections/Evaluations............................................................................................... 21\n\n           Hiring Personnel to Work in a Classified Environment Takes a Substantial Amount\n           of Time .................................................................................................................................. 21\n\n           The Ability of IAIP to Exchange Threat Information Electronically with Partners is\n           Necessary to Fulfill its Mission ............................................................................................ 22\n\n           Maintaining Close Partnerships that Facilitate Unobstructed Information Flows is\n           Crucial to the Success of IAIP .............................................................................................. 23\n\n           The Extent of IAIP\xe2\x80\x99s Involvement With the Homeland Security Advisory System is\n           Not Clear ............................................................................................................................... 24\n\n           IAIP Needs to Develop a Prioritized List of Critical Infrastructure and Assets ................... 24\n\n\n                                         Survey of IAIP Directorate - OIG-04-13                                                                     Page i\n\x0cContents\n\nAppendices\n\n    Appendix A:   Summary of IAIP Statutory Functions............................................................ 26\n    Appendix B:   Lead Agencies and Critical Infrastructure Sectors and Key Assets................ 27\n    Appendix C:   IAIP Response to OIG .................................................................................... 28\n    Appendix D:   Major Contributors to this Report................................................................... 29\n    Appendix E:   Report Distribution ......................................................................................... 30\n\n\nAbbreviations\n\n    CAEO          Competitive Analysis and Evaluation Office\n    CIA           Central Intelligence Agency\n    COS           Chief of Staff\n    DHS           Department of Homeland Security\n    DoD           Department of Defense\n    FBI           Federal Bureau of Investigation\n    FTE           Full Time Equivalent\n    FY            Fiscal Year\n    HSA           Homeland Security Act\n    HQBO          Headquarters Business Office\n    HSAS          Homeland Security Advisory System\n    HSC           Homeland Security Council\n    HSOC          Homeland Security Operations Center\n    HV/HPS        High Value/High Probability of Success\n    IA            Office of Information Analysis\n    IAIP          Information Analysis and Infrastructure Protection Directorate\n    ICD           Infrastructure Coordination Division\n    IMRD          Information Management and Requirements Division\n    IP            Office of Infrastructure Protection\n    IT            Information Technology\n    IWD           Information and Warnings Division\n    NCS           National Communication System\n    NCSD          National Cyber Security Division\n    NSTAC         National Security Telecommunication Advisory Committee\n    NS/EP         National Security Emergency Preparedness\n    OIG           Office of Inspector General\n\n\n\nPage ii                                       Survey of IAIP Directorate - OIG-04-13\n\x0c                                                    Contents\n\n\nPPO    Planning and Partnerships Office\nPSD    Protective Security Division\nRAD    Risk Assessment Division\nTTIC   Terrorist Threat Integration Center\n\n\n\n\n           Survey of IAIP Directorate - OIG-04-13        Page iii\n\x0c\x0cOIG\nDepartment of Homeland Security\nOffice of Inspector General\n\n\n    Introduction\n                       The Information Analysis and Infrastructure Protection (IAIP) directorate was\n                       created to support a key strategic mission of the Department of Homeland\n                       Security (DHS). IAIP analyzes and integrates terrorist threat information,\n                       mapping those threats against both physical and cyber vulnerabilities to critical\n                       infrastructure and key assets, and implementing actions that protect the lives of\n                       Americans, ensures the delivery of essential government services, and protects\n                       infrastructure assets owned by US industry. IAIP is unique in that no other\n                       federal organization has the statutory mandate to carry out these responsibilities\n                       under one organizational framework.\n\n                       The Office of Inspector General (OIG) conducted this survey to learn more about\n                       the department\xe2\x80\x99s plans for IAIP and to prepare us for more detailed future work\n                       as part of our general oversight responsibility for DHS and its component parts.\n                       Issues of particular importance to us were:\n\n                       \xe2\x80\xa2   The methodology for transferring and integrating the functions and agencies\n                           responsible for protecting critical infrastructure into IAIP;\n                       \xe2\x80\xa2   How IAIP offices and divisions are working (or intend to work) with non-\n                           DHS entities to protect critical infrastructure; and\n                       \xe2\x80\xa2   IAIP\xe2\x80\x99s ability to communicate with entities within DHS and other federal,\n                           state, local, and private sector partners.\n\n                       Additionally, we endeavored to determine the obstacles IAIP faces in \xe2\x80\x9cstanding-\n                       up\xe2\x80\x9d the organization. We reviewed and analyzed documents pertaining to IAIP\n                       and interviewed IAIP officials from May 2003 through July 2003.\n\n    Results in Brief\n                       Since its establishment approximately nine months ago, IAIP has faced the\n                       daunting task of becoming fully operational as a new directorate, while\n                       maintaining the workload it acquired from legacy agencies. In addition to\n                       maintaining a full workload, IAIP has also encountered several other complicating\n\n\n\n                            Survey of IAIP Directorate - OIG-04-13                                   Page 1\n\x0c                           factors. For example, during the past nine months, IAIP has been hampered by\n                           turnover of key management positions. Also, IAIP has dealt with severe space\n                           problems, as many of its personnel are required to work from separate locations\n                           throughout the Washington, D.C. metropolitan area, or to work with one or more\n                           other people at one workstation at the department\xe2\x80\x99s headquarters.\n\n                           In addition to these difficulties, the OIG has identified several other issues that\n                           may warrant future inspections. During interviews, executives within IAIP\n                           maintained that the inability to hire personnel who have, or can quickly obtain,\n                           the necessary security clearances to work in a classified environment was a major\n                           obstacle to IAIP becoming fully operational. Another obstacle often cited by IAIP\n                           executives was its inability to connect to secure systems and databases residing\n                           at other agencies. Future inspections geared toward making recommendations\n                           on how to shorten the clearance process for new hires and assessing the\n                           progress made in systems connectivity would help IAIP advance in its mission.\n                           Though not identified as a current issue by IAIP executives, much of the future\n                           success of IAIP depends on its ability to maintain close partnerships with other\n                           federal departments and agencies that have homeland security responsibilities\n                           for infrastructure sectors not covered by DHS. Close partnerships with the\n                           intelligence and law enforcement communities are also vital to the success of\n                           IAIP. A future inspection that measures how well IAIP maintains its partnerships\n                           with key outside agencies would help to gauge the effectiveness of IAIP in\n                           supporting the overall mission of DHS. Finally, IAIP plays an important role\n                           in analyzing threat information in support of the Homeland Security Advisory\n                           System (HSAS).1 However, it is not clear how intelligence will be deemed\n                           actionable, or what the intelligence requirements are for the different threat\n                           conditions. An inspection that will clarify these matters may promote a more\n                           effective, efficient, and economical process for changing the threat condition.\n\nBackground\n                           In response to the recognized need for a coordinated, national approach2 to protect\n                           the homeland against potential terrorist attacks, Congress enacted the Homeland\n\n1\n  The Homeland Security Advisory System provides a means to disseminate information regarding the risk of terrorist attacks\nagainst federal, state, local, and private sector authorities and the American people by characterizing appropriate levels of\nvigilance, preparedness, and readiness in a series of graduated threat conditions.\n2\n  Before DHS was created in November 2002, protecting the homeland was primarily a federal responsibility and was mainly\ncoordinated through the military, the intelligence agencies, the Department of Justice, and the Department of State. Since the\nSeptember 11, 2001 terrorist attack, homeland security has become a national rather than a federal responsibility because the\nfederal government alone cannot protect the entire country.\n\n\nPage 2                                            Survey of IAIP Directorate - OIG-04-13\n\x0c              Security Act (HSA) of 2002, resulting in the creation of DHS. The primary\n              strategic objectives of the DHS are:\n\n              \xe2\x80\xa2   To prevent terrorist attacks within the homeland;\n              \xe2\x80\xa2   To reduce the vulnerability of the homeland to terrorism; and\n              \xe2\x80\xa2   To minimize the damage and assist in the recovery from terrorist acts that\n                  occur within the homeland.\n\n              IAIP was vested with responsibility to analyze and integrate terrorist threat\n              information, map threats against both physical and cyber vulnerabilities to critical\n              infrastructure and key assets, and implement actions that protect the lives of\n              Americans, ensure the delivery of essential government services, and protect\n              infrastructure assets owned by U.S. industry. IAIP carries out its mission through\n              the Administrative and Outreach, Intelligence and Warning, and the Protecting\n              Critical Infrastructure and Key Assets programs, as well as the Homeland Security\n              Operations Center.\n\nPurpose, Scope, and Methodology\n              The objective of this survey was twofold. First, we sought to gain a basic\n              understanding of IAIP, including learning the missions of the offices and divisions\n              within IAIP, defining the operational relationships between those offices and\n              divisions, diagramming internal and external terrorist threat information flow,\n              and identifying the obstacles impeding IAIP\xe2\x80\x99s ability to become fully operational.\n              Second, this survey provided an opportunity to identify issues suited for future\n              detailed inspections or audits. With regard to programs or operations meriting\n              special or focused attention, we reviewed and analyzed the following:\n\n              \xe2\x80\xa2   Documentation pertinent to DHS and IAIP including program guidance,\n                  policy memorandums, briefing packages, meeting notes, Internet websites,\n                  and various news articles;\n              \xe2\x80\xa2   Homeland Security Act of 2002, Pub. L. No. 107-296, 116 Stat. 2135 (Nov.\n                  25, 2002);\n              \xe2\x80\xa2   Patriot Act of 2001, Pub. L. 107-56, 115 Stat. 272 (Oct. 26, 2001);\n              \xe2\x80\xa2   Congressional testimony, namely the joint hearing with both the Judiciary\n                  Committee and the Select Committee on Homeland Security, on \xe2\x80\x9cThe\n                  Terrorist Threat Integration Center (TTIC) and its Relationship with the\n                  Departments of Justice and Homeland Security,\xe2\x80\x9d July 22, 2003;\n              \xe2\x80\xa2   Congressional testimony, namely the Subcommittee on Intelligence and\n                  Counter-Terrorism to the House Select Committee on Homeland Security,\n\n\n                   Survey of IAIP Directorate - OIG-04-13                                  Page 3\n\x0c                    \xe2\x80\x9cImproving the Department of Homeland Security\xe2\x80\x99s Information Sharing\n                    Capabilities,\xe2\x80\x9d July 24, 2003; and\n                \xe2\x80\xa2   IAIP organizational chart as of August 11, 2003.\n\n                We interviewed key IAIP officials, including the Under Secretary, the Assistant\n                Secretary for Information Analysis, the Assistant Secretary for Infrastructure\n                Protection, and the Director of the Homeland Security Operations Center.\n                In addition, we interviewed the Chief of Staff and the office directors for\n                the Risk Assessment Division, the Information and Warnings Division, the\n                Infrastructure Coordination Division, the Protective Security Division, the\n                National Communications System, the Planning and Partnership Office, and the\n                Competitive Analysis and Evaluation Office.\n\n                The bulk of the interviews conducted during the interview phase of this survey\n                were conducted from May 2003 to July 2003 under the authority of the Inspector\n                General Act of 1978, as amended. Follow-up questions regarding the National\n                Asset List were answered on December 16, 2003.\n\nPrograms of the Information Analysis and Infrastructure Protection\nDirectorate (by offices and divisions)\n                Guided by the requirements of the HSA, IAIP combines the capability to: (1)\n                identify and assess current and future threats to the nation\xe2\x80\x99s critical infrastructure;\n                (2) communicate identified threats and issue warnings to relevant federal, state,\n                local, private, and international partners; and (3) implement strategies to protect\n                the nation\xe2\x80\x99s critical infrastructure. No other government agency has the statutory\n                mandate to combine these capabilities under one organizational framework.\n                Consequently, many refer to IAIP as the \xe2\x80\x9ccentral information nerve center\xe2\x80\x9d of the\n                overall effort to protect the homeland and, thus, of DHS.\n\n         The Budgetary Programs of IAIP\n                IAIP administers the (1) Administrative and Outreach Program; (2) Intelligence\n                and Warning Program; (3) Homeland Security Operations Center; and (4)\n                Protecting Critical Infrastructure and Key Assets Program. Baseline personnel\n                and funding statistics as provided by IAIP are reported in the following table.\n\n\n\n\nPage 4                               Survey of IAIP Directorate - OIG-04-13\n\x0c                                     Table 1 \xe2\x80\x93 Projected, authorized personnel and funding statistics for FY 2004\n\n                                                                                                                                                                                    Budget\n                                       Programs/Operations Center                                                                                     FTEs\n                                                                                                                                                                                    ($000)\n                                       Administrative and Outreach Program\n                                       Homeland Security Operations Center\n                                       Intelligence and Warning Program\n                                       Protecting Critical Infrastructure and Key Assets Program\n                                       Total                                                                                                            692                          $1,032,000\n\n\n                                     These three programs and one operations center can be traced generally to specific\n                                     offices and divisions within IAIP. The Administrative and Outreach Program\n                                     is roughly equivalent to the Office of the Under Secretary and the personnel\n                                     assigned to support the Under Secretary and administrative and outreach functions\n                                     of IAIP. The Intelligence and Warning Program is roughly equivalent to the\n                                     Office of Information Analysis (IA), and the Protecting Critical Infrastructure\n                                     and Key Assets Program is roughly equivalent to the Office of Infrastructure\n                                     Protection (IP).\n\n               Organizational Chart of IAIP\n                                     IAIP\xe2\x80\x99s organizational chart supplied, as of August 11, 2003, is presented below.\n\n                                     Chart 1 \xe2\x80\x93 The Information Analysis and Infrastructure Protection\n                                               Directorate\n                                                                                         Under Secretary\n\n\n\n                                                              Chief of Staff                                         Planning and Partnerships\n                                                       (included in the US/IAIP FTEs)\n\n\n                                                      Headquarters Business Office\n\n                                                                                                                                                 Administration and Outreach Program\n                                                                                                                                                 Intelligence and Warning Program\n                                               Competitive Analysis and Evaluation Office\n                                                                                                                                                 Homeland Security Operations Center\n                                                                                                                                                 Protecting Critical Infrastructure and Key Assets Program\n\n\n\n                      Assistant Secretary for Information Analysis                                                             Assistant Secretary for Infrastructure Protection\n                                          (ASIA)                               Homeland Security Operations Center                                    (ASIP)\n                                                                                                TBD\n\n\n\n\nRisk Assessment Division            Information & Warnings Division                Infrastructure Coordination Division            Protective Security Division\n                                                                                                                                                                          National Cyber Security Division\n                                                                                                                                                                                           TBD\n\n\n\n\n                                                                                     National Communications System\n\n\n\n\n                                               Survey of IAIP Directorate - OIG-04-13                                                                                                                        Page 5\n\x0c         On March 1, 2003, when certain offices and functions of 22 agencies merged to\n         create DHS, IAIP inherited elements from five legacy agencies, including:\n\n         \xe2\x80\xa2   National Infrastructure Protection Center (Federal Bureau of Investigation)\n         \xe2\x80\xa2   Critical Infrastructure Assurance Office (Department of Commerce)\n         \xe2\x80\xa2   Federal Computer Incident Response Center (General Services Administration)\n         \xe2\x80\xa2   National Communications System (Department of Defense)\n         \xe2\x80\xa2   Office of Energy Assurance (Department of Energy)\n\n         Merging these five legacy elements into a fully functioning directorate is\n         an ongoing process. Since merging, IAIP has made several changes to its\n         organizational structure. One of the more significant changes involved the\n         placement of the Homeland Security Operations Center (HSOC) within IAIP.\n         Previously, the HSOC was assigned to the Office of the Secretary and was\n         budgeted under the Management and Administration Program of DHS. Another\n         significant change was the establishment of a National Cyber Security Division\n         (NCSD). Both of these changes are reflected in the current organizational\n         chart. However, as IAIP streamlines processes and refines communication\n         among internal offices, divisions and external partners, the OIG understands that\n         additional changes in the current organizational structure may be necessary. In\n         fact, the OIG has learned that additional changes in the organizational structure\n         are under consideration. These changes are intended to enhance the ability of\n         IAIP to meet the 19 responsibilities assigned to it by the HSA. Such changes\n         could involve converting the Information and Warnings Division (IWD) within\n         the IA into the Information Management and Requirements Division (IMRD),\n         moving the Planning and Partnerships Office (PPO) from the Office of the Under\n         Secretary to the IP, and making the National Communications System (NCS) into\n         a peer of the Infrastructure Coordination Division (ICD) rather than keeping it as\n         a subordinate.\n\n         Under the current organizational structure, IA is responsible primarily for\n         identifying and assessing current and future threats to the nation\xe2\x80\x99s critical\n         infrastructures. The HSOC is responsible for communicating identified threats\n         and issuing warnings to relevant federal, state, local, and private sector partners.\n         The IP is responsible for implementing strategies to protect the nation\xe2\x80\x99s critical\n         infrastructure. Of the 19 responsibilities assigned to IAIP by the HSA, 16 are to\n         be carried out by IA and three are assigned to IP, with close collaboration between\n         IA and IP on seven of these responsibilities (Appendix A.). One of the goals of\n         executive management is for the IA and IP to function seamlessly regarding these\n         assignments.\n\n\n\nPage 6                        Survey of IAIP Directorate - OIG-04-13\n\x0c                               During non-crisis operations, information arrives through IAIP-watch, resident\n                               intelligence agency desks, resident law enforcement agency desks, and resident\n                               response agency desks within the HSOC, as well as through contacts among the\n                               13 infrastructure sectors (Appendix B). Once information is processed within\n                               IAIP, warning and mitigation strategies are then communicated to relevant\n                               partners through the HSOC or through line-operational divisions (e.g., the\n                               Infrastructure Coordination Division) after coordination with HSOC to points\n                               of contacts among the 13 infrastructure sectors \xe2\x80\x93 an environment where IAIP\n                               listens with many ears and speaks with many mouths. During near-crisis or\n                               crisis operations, information flows through the HSOC and, in general, line-\n                               operational divisions will be discouraged from maintaining separate channels of\n                               communication with the contacts developed through the course of regular non-\n                               crisis operations. Line-operational divisions will still be able to communicate\n                               with their contacts in the sectors; however, they will be encouraged to do so\n                               through the HSOC so the message will be more controlled \xe2\x80\x93 an environment\n                               where IAIP listens with one ear and speaks with one mouth.\n\n      Administration and Outreach \xe2\x80\x93 Office of the Under Secretary\n                               The Office of the Under Secretary is comprised of: (1) the Under Secretary;\n                               (2) the Chief of Staff; (3) Headquarters Business Office; (4) the Competitive\n                               Analysis and Evaluation Office; and (5) the Planning and Partnership Office. The\n                               following chart highlights the position of the Office of the Under Secretary within\n                               IAIP:\n\n                                                           Chart 2 \xe2\x80\x93 The Office of the Under Secretary\n\n                                                                                                 Under Secretary\n\n\n                                                                        Chief of Staff                             Planning and Partnerships Office\n\n                                                                Headquarters Business Office\n\n                                                         Competitive Analysis and Evaluation Office\n\n                       Under Secretary\n\n\n                COS                      PPO\n\n                HBO\n\n                CAEO\n\n\n      ASIA                 HSOC                  ASIP\n\n\n\nRAD      I&WD               ICD                PSD      NCSD\n\n\n                            NCS\n\n\n\n\n                                         Survey of IAIP Directorate - OIG-04-13                                                                       Page 7\n\x0c         \xc3\x98 Chief of Staff (COS)\n           The primary responsibility of the COS is to administer and manage IAIP\xe2\x80\x99s\n           staff. Embodied within this responsibility is the coordination of the\n           directorate\xe2\x80\x99s offices and line-operational divisions, assuring that they are\n           integrated and operating in full collaboration with the HSOC. However,\n           several issues appear to be inhibiting this integration process. One of the\n           more obvious involves the 499 Full Time Equivalents (FTEs) that IAIP\n           inherited from legacy agencies. Of these 499 FTEs, only 174 were filled\n           by personnel who actually left their legacy agency and made the transition\n           into IAIP. The other 325 have remained vacant for the first six months of\n           IAIP\xe2\x80\x99s existence. The element that contributed the most to this personnel\n           shortage was the National Infrastructure Protection Center (NIPC). When\n           NPIC transferred into IAIP, personnel who actually left the FBI filled only\n           18 of the 307 FTEs targeted for transfer. The other 289 were vacant. Other\n           complicating issues include turnover of key leadership positions, slower than\n           anticipated consolidation of administrative functions, and logistical problems\n           caused by IAIP\xe2\x80\x99s multiple office locations spread throughout the Washington\n           metropolitan area.\n\n         \xc3\x98 Headquarters Business Office (HQBO)\n           The HQBO was established to provide IAIP components with the necessary\n           planning, financial, facilities, and acquisition support required to satisfy\n           their mission objectives and to ensure compliance with all federal and DHS\n           regulatory and policy requirements. The Director of Business Operations is\n           responsible for administering, managing, and overseeing all activities in the\n           HQBO; coordinating business operations functions and activities across the\n           IAIP; and reporting progress to its primary customers, the Under Secretary,\n           the COS, and the assistant secretaries for IA and IP.\n\n            One of the high priority challenges facing the HQBO, as well as the COS,\n            is IAIP\xe2\x80\x99s immediate need to fill its ranks with sufficiently trained and\n            appropriately cleared staff to meet the needs of IAIP senior management and\n            all IAIP divisions. Further, it is anticipated that within next five years, the\n            IAIP will experience tremendous growth in terms of acquiring additional\n            highly skilled staff as well as services, technologies, and tools that will enable\n            the IAIP to refine its mission. The HQBO and the COS face the challenge\n            of identifying issues and factors that influence the size and shape of IAIP\xe2\x80\x99s\n            budget, staffing, and technology.\n\n\n\n\nPage 8                      Survey of IAIP Directorate - OIG-04-13\n\x0c\xc3\x98 Competitive Analysis and Evaluation Office (CAEO)\n  The mission of the CAEO is to reduce the risk and consequences of terrorist\n  attacks on the homeland by helping to ensure that IAIP products and services\n  are tested, and of the highest quality and value.\n\n   The CAEO helps DHS anticipate terrorist actions -- and thus improve DHS\n   threat warnings, collection requirements, and mitigation measures - - by\n   organizing DHS \xe2\x80\x9cstrategic red cell\xe2\x80\x9d sessions. During these sessions, the\n   CAEO brings in outside experts from private industry, the military, the\n   intelligence and law enforcement communities, and elsewhere to provide an\n   independent assessment of where, how, and when terrorist may attempt to\n   strike.\n\n   The CAEO plans to test and validate risk assessments on infrastructure\n   through physical and cyber \xe2\x80\x9cred teaming.\xe2\x80\x9d By emulating terrorist mindsets,\n   doctrines, and tactics, CAEO red teams will provide its customers, mainly IP,\n   with a snapshot of critical infrastructure and cyber security vulnerabilities,\n   categorize them according to risk, and identify safeguards to mitigate the\n   vulnerabilities.\n\n   In addition, the CAEO:\n\n   \xe2\x80\xa2   Develops, coordinates, and conducts interagency and IAIP exercises to\n       test and improve procedures for managing terrorist threats and attacks,\n       as well as organizes conferences and seminars.\n   \xe2\x80\xa2   Conducts impartial in-house and outside reviews of IAIP products,\n       services, and processes -- including measuring customer feedback on\n       these products -- and works with IAIP components to develop quality\n       standards.\n\n\xc3\x98 Planning and Partnership Office (PPO)\n  At the core of IAIP\xe2\x80\x99s mission is the need to build and maintain strong,\n  strategic relationships with critical infrastructure sectors and key asset\n  industries. This task is assigned to IAIP\xe2\x80\x99s PPO. The PPO is responsible\n  for developing and supporting the development of partnerships for IAIP\n  divisions with state and local government, private industry, and international\n  communities for national planning, outreach and awareness, information\n  sharing, and protective actions. Specifically, the PPO:\n\n\n\n\n    Survey of IAIP Directorate - OIG-04-13                                  Page 9\n\x0c                    \xe2\x80\xa2   Develops, coordinates and supports partnerships for IAIP divisions\n                        with international communities, state and local government and other\n                        federal agencies, public sector, and academic institutions for outreach\n                        and awareness, information sharing and protective action programs;\n                    \xe2\x80\xa2   Develops, coordinates, and implements national outreach and\n                        awareness programs for IAIP divisions;\n                    \xe2\x80\xa2   Manages and provides executive agent support to advisory councils\n                        and cross-sector partnerships; and,\n                    \xe2\x80\xa2   Develops, maintains and reports progress against national integrated\n                        strategies and implementation plans for critical infrastructure\n                        protection.\n\n                    Successfully implementing productive partnerships requires expertise in\n                    information analysis and infrastructure protection processes and policies, the\n                    interest of potential partners, and skills in creating mutual benefits among an\n                    array of stakeholders. Before the PPO can become fully functional, offices\n                    and divisions within IAIP must understand the benefits of their interaction\n                    with each other as well as external participants. The PPO must also develop\n                    standardized protocols and processes as they apply to entities inside and\n                    outside IAIP.\n\n          Homeland Security Operations Center\n                 The Homeland Security Operations Center (HSOC) is the nation\xe2\x80\x99s single point\n                 for tracking federal, state, local and private sector terrorist threat information\n                 to secure the homeland. It operates 24 hours per day, seven days a week. It\n                 maintains and shares domestic situational awareness; coordinates security\n                 operations; detects, prevents, and deters terrorist incidents; and facilitates the\n                 response to all critical threats. During a crisis,\n\n\n\n\nPage 10                              Survey of IAIP Directorate - OIG-04-13\n\x0c                          The following chart highlights the HSOC\xe2\x80\x99s position within IAIP:\n\n                           Chart 3 \xe2\x80\x93 The Homeland Security Operations Center\n\n                           Homeland Security Operations Center\n\n\n\n\n                                                                                                     Under Secretary\n\n\n                                                                                              COS                      PPO\n\n                                                                                              HBO\n\n                                                                                              CAEO\n\n\n                                                                                    ASIA                 HSOC                  ASIP\n\n\n\n                                                                             RAD       I&WD               ICD                PSD      NCSD\n\n\n                                                                                                          NCS\n\n\n\n\n                          Under the operational control of IAIP, the HSOC houses staff from various\n                          elements of the intelligence and law enforcement communities such as the CIA,\n                          National Security Agency, Secret Service, and FBI, as well as elements from\n                          organizations such as the Department of State, Department of Energy and the\n                          National Emergency Management Association.3 In addition, an IAIP cell or\n                          \xe2\x80\x9cIAIP-watch\xe2\x80\x9d is located in the HSOC. IAIP-watch serves as a channel for the\n                          flow of threat information to and from the divisions within IAIP.\n\n\n\n\n3\n  The National Emergency Management Association is a professional organization for state emergency management directors.\nIts mission is to provide leadership and expertise in emergency management, serve as an information and assistance resource,\nand to advocate continuous improvement in emergency management procedures.\n\n\n                                Survey of IAIP Directorate - OIG-04-13                                                                   Page 11\n\x0c            Intelligence and Warning \xe2\x80\x93 Office of Information Analysis\n                            The Office of Information Analysis (IA) is comprised of two divisions:the Risk\n                            Assessment Division and the Information and Warnings Division. The primary\n                            mission of IA is to provide a full range of intelligence support to components\n                            within DHS, as well as relevant partners outside of DHS. IA provides this\n                            support by serving two roles: first, as an information \xe2\x80\x9cfusion center,\xe2\x80\x9d and,\n                            second, as an information \xe2\x80\x9cdissemination manager.\xe2\x80\x9d As an information fusion\n                            center, IA gathers and integrates threat information from the intelligence and\n                            law enforcement communities, as well as from other components within DHS.\n                            Once the information has been gathered and integrated, it is then analyzed and\n                            processed into a usable format for distribution. As an information dissemination\n                            manager, IA ensures that threat information is shared appropriately by issuing\n                            threat advisories, bulletins, and warnings to relevant partners both internal\n                            and external to DHS. Finally, IA supports the administration of the HSAS, by\n                            providing independent analysis of threat information in support of decisions to\n                            raise or lower the national threat condition.\n\n                            The following chart highlights IA\xe2\x80\x99s position within IAIP:\n\n                            Chart 4 \xe2\x80\x93 The Office of Information and Analysis\n\n                           Assistant Secretary for Information Analysis\n\n\n\n\n      Risk Assessment Division           Information & Warnings Division\n                                                                                                          Under Secretary\n\n\n                                                                                                   COS                      PPO\n\n                                                                                                   HBO\n\n                                                                                                   CAEO\n\n\n                                                                                         ASIA                 HSOC                  ASIP\n\n\n\n                                                                                   RAD      I&WD               ICD                PSD      NCSD\n\n\n                                                                                                               NCS\n\n\n\n\n                            \xc3\x98 Risk Assessment Division (RAD)\n                              RAD is charged with becoming the most authoritative source in the federal\n                              government for assessing the overall threat that terrorists pose to homeland\n\n\nPage 12                                                   Survey of IAIP Directorate - OIG-04-13\n\x0c                               security. It is also charged with mapping these threats against vulnerabilities\n                               and providing actionable advisories to relevant partners both internal and\n                               external to DHS. The RAD is considered to be an intelligence gatherer, rather\n                               than an intelligence collector. The difference is the RAD accumulates and\n                               analyzes information passed to it by sources whose mission is to seek out raw\n                               intelligence.4 The RAD does not participate in activities such as recruiting\n                               informants or intercepting communications.\n\n                               The RAD accomplishes its core intelligence mission by integrating and\n                               analyzing threat information primarily from the intelligence and law\n                               enforcement communities and DHS operational and intelligence components.\n                               The RAD is also authorized to establish a two-way exchange of information\n                               with its state, local, and private sector partners.\n\n\n\n\n                                                                        5\n\n\n\n\n                                                                                                The HSOC\n                               is the lead operations center within DHS that is responsible for monitoring\n                               and conducting a first level assessment of incoming threat information and\n                               any appropriate response. The HSOC is staffed with representatives from\n                               the intelligence and law enforcement communities, Department of Defense\n                               (DoD), and various civilian agencies.\n\n\n                               The Terrorist Threat Integration Center (TTIC), a joint venture among the\n                               Central Intelligence Agency (CIA), the Federal Bureau of Investigation\n                               (FBI), the DoD, Department of State, and DHS, serves as another important\n\n4\n  Raw intelligence is a colloquial term meaning collected information that has not yet been converted into finished\nintelligence.\n\n\n\n\n                                 Survey of IAIP Directorate - OIG-04-13                                               Page 13\n\x0c                               source of information for the RAD. In contrast to the HSOC, the director\n                               of TTIC does not report to the IAIP Under Secretary but to the Director of\n                               Central Intelligence as the head of the entire U.S. intelligence community.\n                               The TTIC\xe2\x80\x99s mission is to integrate and analyze terrorist-related information\n                               to form the most comprehensive threat picture possible, whether it pertains\n                               to threats overseas or to the homeland. In many respects, the missions of the\n                               TTIC and the RAD overlap. However, the TTIC\xe2\x80\x99s mission is more specific\n                               than the analytic mission performed within DHS by the RAD in that TTIC\n                               primarily focuses on threats developing overseas.6\n\n                               By contrast, the RAD has both a more focused and overarching mission in\n                               defending the homeland than TTIC. The RAD, as a division of IA, has the\n                               statutory mandate to analyze all incoming threats to homeland security and\n                               then to assess their credibility\n\n\n\n                                                    Another important difference is that the RAD has the\n                               mandate to communicate these assessments in a timely manner to state, local,\n                               and private sector partners. The RAD does this through its close relationships\n                               with the HSOC, IP, and the state and local office of DHS. The importance\n                               and uniqueness of the RAD\xe2\x80\x99s relationships with its counterpart divisions\n                               within the IP cannot be overstressed. The TTIC does not have the mandate\n                               to communicate or interact with state, local, and private sector partners, nor\n                               does it have a direct relationship with divisions within the IP that implement\n                               protective measures.\n\n                               The TTIC is reported to be a willing partner in the exchange of threat\n                               information.7 However, the OIG was told during senior executive interviews\n                               that DHS must weigh in more heavily with TTIC, particularly in its corporate\n                               ownership of analytic products produced for the President, Secretary\n                               of Homeland Security, and other senior officials. According to these\n                               interviews, the intelligence product coming out of the TTIC would benefit\n\n6\n  In a letter to Senator Joseph I. Lieberman, dated June 17, 2003, Secretary Ridge, attempting to clarify the difference\nbetween TTIC and the analytical work being performed within DHS, wrote, \xe2\x80\x9cOther agencies have specific analytic functions\nthat relate to the war on terrorism performed to support their respective and specialized mission. \xe2\x80\xa6Information pertaining to\nthreats overseas [primarily collected by the CIA and analyzed by TTIC] is an important part of the overall analytic mosaic\nsupporting the global war on terrorism.\xe2\x80\x9d\n7\n  On July 22, 2003, at a joint oversight hearing with the Committee on the Judiciary and Select Committee on Homeland\nSecurity, Acting Assistant Secretary for IA confirmed that TTIC has provided IA all the threat information that he has\nrequested since he assumed that position.\n\n\nPage 14                                           Survey of IAIP Directorate - OIG-04-13\n\x0c                                  from the expertise and unique information access which RAD analysts have.\n                                  Furthermore, DHS and the TTIC should share staffing strategies to ensure that\n                                  they build compatible skill sets and missions rather than compete for the same\n                                  personnel resources and missions.\n                                                                                                                   8\n\n\n\n\n                             \xc3\x98 Information and Warnings Division (IWD)\n                               Initially, the IWD was assigned two critical responsibilities. One of these\n                               responsibilities was managing the entire internal and external information\n                               requirements process of IAIP. As part of this process, the IWD \xe2\x80\x9cpushes\xe2\x80\x9d\n                               information to relevant internal and external partners by coordinating the\n                               IAIP-watch within the HSOC and disseminating open-source9 warnings to\n                               state, local, and private sector partners -- functioning much like an information\n                               traffic cop. The IWD \xe2\x80\x9cpulls\xe2\x80\x9d information from relevant internal and external\n                               partners by developing information sharing and intelligence requirements\n                               designed to extract specific data that is necessary to obtain a more complete\n                               and comprehensive threat picture. The IWD works closely with the RAD\n                               and counterpart divisions within the IP to determine information sharing and\n                               intelligence requirements.\n\n\n\n\n9\n    Information that is publicly available through such media as newspapers, television, and the Internet.\n\n\n                                   Survey of IAIP Directorate - OIG-04-13                                    Page 15\n\x0c                                The IWD also is responsible for administering the HSAS. Once the Secretary,\n                                in consultation with members of the Homeland Security Council (HSC),\n                                decides to raise or lower the national threat condition, the IWD is charged\n                                with coordinating the actual notification of relevant partners about the change\n                                in threat condition. The IWD fulfills this role by maintaining a call list of\n                                contacts among key media outlets and state, local, and private sector officials.\n                                The IWD works closely with the HSOC throughout the notification process.\n                                In addition to administering the HSAS, the IWD is expected to produce\n                                information bulletins and warnings, coordinate the Secretary\xe2\x80\x99s morning\n                                summary, and have input in the overnight development briefing and the\n                                President and Secretary\xe2\x80\x99s monthly report.10\n\n                                The OIG has been told that the IWD may be disbanded in favor of a division\n                                that would focus almost exclusively on IAIP\xe2\x80\x99s information requirements.\n                                The new division most likely will be called the \xe2\x80\x9cInformation Management\n                                and Requirements Division\xe2\x80\x9d (IMRD) and will transfer old IWD elements\n                                responsible for watch and warning functions to the HSOC. Now that the\n                                HSOC has been moved into IAIP consolidating all watch and warning\n                                functions in the HSOC would eliminate the need to maintain two different\n                                entities within IAIP with the same functions. The future success of the\n                                IMRD will depend on how well organizations within the intelligence and\n                                law enforcement communities respond to the information requirements it\n                                sets. IAIP officials told the OIG that the IMRD\xe2\x80\x99s utility would be strongly\n                                influenced by the responsiveness of agencies such as the FBI and the CIA\n                                when tasked by the IMRD to collect certain intelligence or conduct specific\n                                investigations.\n\n              Protecting Critical Infrastructure and Key Assets \xe2\x80\x93 Office of\n              Infrastructure Protection\n                            The mission of the IP is to implement protective measures to reduce\n                            vulnerabilities in the nation\xe2\x80\x99s critical infrastructure.11 According to the \xe2\x80\x9cNational\n                            Strategy for the Physical Protection of Critical Infrastructures,\xe2\x80\x9d dated February\n\n\n10\n   The President or other officials in the White House, as well as the Secretary, receive a report that outlines trends in\nsuspicious incidents. Initially, this report was distributed on a weekly basis and then eventually on a bi-weekly basis.\nCurrently, it is distributed on a monthly basis.\n11\n   The Patriot Act defines critical infrastructure as \xe2\x80\x9cthose systems and assets, whether physical or virtual [cyber], so vital to\nthe United States that the[ir] incapacity or destruction... would have a debilitating impact on the security, national economic\nsecurity, national public health or safety, or any combination of those matters.\xe2\x80\x9d\n\n\nPage 16                                             Survey of IAIP Directorate - OIG-04-13\n\x0c2003, critical infrastructure can be categorized into 13 infrastructure sectors and\nfive key assets. There are eight federal lead departments and agencies, including\nDHS, which have a role in coordinating protection activities and cultivating\nlong-term collaborative relationships with counterparts from each of the 13\ninfrastructure sectors and five key assets (Appendix B). However, as authorized\nin the HSA, only DHS has the overarching responsibility to be the primary liaison\nand facilitator for cooperation among all federal departments and agencies, as\nwell as state, local and private sector partners.\n\nAs the primary liaison and facilitator within DHS during non-crisis operations,\nthe IP takes a broad approach to protecting the nation\xe2\x80\x99s critical infrastructure by\nworking closely with: (1) the IA and other organizations within DHS; (2) federal\nlead departments and agencies responsible for protecting infrastructure sectors\nand key assets that do not fall under the immediate control of DHS; (3) state,\nlocal, and private entities; and (4) international entities to reduce infrastructure\nvulnerabilities and deny the use of the infrastructure as a weapon to attack\nAmericans. Within the context of a national approach, the IP is increasing the\nnation\xe2\x80\x99s capability to secure critical infrastructure and key assets, as well as\nhigh profile events,\n\n\n                                 Second, based on assessed vulnerabilities, the\nIP will provide training and plans for protective measures to assist owners and\noperators in securing the critical infrastructure and key assets within their control.\nThe IP\xe2\x80\x99s goal is to mitigate quickly vulnerabilities and risks, while simultaneously\nhelping state, local, and private sector partners develop the capability to mitigate\nvulnerabilities and risk themselves. By building these capabilities into national\npartners, the IP intends to reduce the nation\xe2\x80\x99s vulnerability to terrorist attacks\nthrough a sector-wide approach.\n\n\n\n\n     Survey of IAIP Directorate - OIG-04-13                                   Page 17\n\x0c                                                                                                                                                               Appendix VI\n                                                                                                                                                          Report Distribution\n\n\n\n                               The following chart highlights IP\xe2\x80\x99s position within IAIP:\n\n                                                        Chart 5 \xe2\x80\x93 The Office of Infrastructure Protection\n\n                                             Assistant Secretary for Infrastructure Protection\n\n\n\n\n      Infrastructure Coordination Division      Protective Security Division            National Cyber Security Division\n\n\n\n\n          National Communications System                                                                                 Under Secretary\n\n\n                                                                                                                  COS                      PPO\n\n                                                                                                                  HBO\n\n                                                                                                                  CAEO\n\n\n                                                                                                        ASIA                 HSOC                  ASIP\n\n\n\n                                                                                                 RAD       I&WD               ICD                PSD         NCSD\n\n\n                                                                                                                              NCS\n\n\n\n\n                               \xc3\x98 Infrastructure Coordination Division (ICD)\n                                 ICD provides core expertise in all the nation\xe2\x80\x99s infrastructure sectors and key\n                                 assets; monitors the operational status of those infrastructure sectors and key\n                                 assets; supports the two-way sharing of critical infrastructure information\n                                 between DHS and other federal, state, local, and private sector partners; and\n                                 supports infrastructure incident/event response, mitigation, and recovery.\n                                 Additionally, the ICD is charged with protecting proprietary and business\n                                 sensitive data, implementing and executing the Critical Infrastructure\n                                 Information program12, and executing National Security Emergency\n                                 Preparedness (NS/EP) programs.\n\n                                     To accomplish its mission and functions, the ICD works closely with\n                                     the RAD, Protective Security Division (PSD), and eventually with the\n                                     National Computer Security Division (NCSD) to provide analyses across\n                                     all infrastructure sectors and key assets. After assessing current trends in\n                                     terrorist threats to the nation\xe2\x80\x99s critical infrastructure, the ICD determines the\n                                     requirements for protective measures and then actively pursues partnerships\n\n\n\n12\n  Based on the authority of the HSA, the Critical Infrastructure Information program provides for tracking receipt, validation,\nprotection against unauthorized disclosure, and destruction of infrastructure information.\n\n\nPage 18                                                  Survey of IAIP Directorate - OIG-04-13\n\x0c                              with other government and private sector entities to safeguard\n\n\n                         \xc3\x98 National Communications System (NCS)\n                           NCS is the lead IAIP element for developing and maintaining\n                           collaborative relationships to support the critical infrastructure sector on\n                           communications. To do this, the NCS: (1) monitors the vulnerabilities\n                           of the telecommunications industry; and (2) coordinates national security\n                           and emergency preparedness communications for the federal government\n                           during non-terrorism related emergencies, terrorist attacks, and recovery and\n                           reconstitution operations. Organizationally, the NCS reports to the ICD. The\n                           NCS is the only organization that merged into IAIP without losing its legacy\n                           name or mission assignment.\n\n                              The NCS combines the assets of 23 federal departments and agencies to\n                              address the full range of national security and telecommunications emergency\n                              preparedness issues. The NCS applies its interagency planning efforts in\n                              developing NS/EP special telecommunications services to support IAIP and\n                              national security missions.\n\n                              The NCS also provides a means of collaborating with executives from the\n                              communications and information technology industries who are part of\n                              the President\xe2\x80\x99s National Security Telecommunication Advisory Committee\n                              (NSTAC).13 The NSTAC provides industry based advice and expertise to the\n                              President on issues and problems related to implementing national security\n                              and emergency preparedness. Additionally, through its relationships with\n                              other federal departments and agencies and the NSTAC, the NCS serves as\n                              another conduit for receiving information about potential terrorist attacks\n                              against the nation\xe2\x80\x99s critical infrastructure.\n\n                         \xc3\x98 Protective Security Division (PSD)\n                           PSD is to coordinate strategies for protecting the nation\xe2\x80\x99s critical, physical\n                           infrastructure. The PSD works closely with the ICD. The ICD identifies\n                           critical infrastructure elements and passes the information to the PSD.\n                           The PSD uses this information to conduct risk assessments and determine\n                           remediation plans for identified vulnerabilities.\n\n\n13\n  The NSTAC is composed of up to 30 executives representing the major communications and network service providers\nand information technology, finance, and aerospace companies, such as Verizon, Bell South, Lockheed Martin, The Boeing\nCompany, and Electronic Data Systems.\n\n\n                               Survey of IAIP Directorate - OIG-04-13                                           Page 19\n\x0c             The PSD receives terrorist threat information and analysis from the RAD\n             and other open sources, such as state and local governments. Based on\n             this information, the PSD formulates terrorist capability disruption and\n             remediation strategies. By implementing disruption strategies, the objective\n             of PSD is to upset the ability of terrorists to establish the means for attack.\n             By implementing remediation strategies,\n\n                        the objective of the PSD is to deter or disrupt terrorist attacks, or\n             minimize their impact if they occur.\n\n             The PSD also has an important advisory and training function. Advisory and\n             training services will be delivered to state, local, and private sector partners\n             by a network of protective security specialists as well as Protective Security\n             Advisors posted throughout the country. Based upon identified critical assets,\n             threats, and incidents, the PSD may provide an advisory team to work with\n             state and local public safety officials and infrastructure owners and operators\n             to make assets within their control more secure. Additionally, the PSD has\n             been working with its state, local, and private sector partners to identify and\n             list critical infrastructure assets\n\n\n\n\n          \xc3\x98 National Cyber Security Division (NCSD)\n            The mission of the NCSD is to implement the National Strategy to Secure\n            Cyberspace which includes identifying, analyzing and reducing cyber\n            threats and vulnerabilities; disseminating cyber-threat warning information;\n            coordinating incident response; providing technical assistance in continuity of\n\n\n\nPage 20                      Survey of IAIP Directorate - OIG-04-13\n\x0c                  operations and recovery planning; and outreach, awareness, and training. The\n                  newly formed NCSD is to be a fusion point of expertise for cyber security.\n                  The NCSD also is to use the expertise of various law enforcement, defense,\n                  and intelligence agencies to provide multi-layered cyber security protection.\n                  Furthermore, the NCSD is to serve as a single point of contact for the public\n                  and private sectors for addressing cyber security issues in the United States.\n                  The NCSD is to work closely with other IAIP offices and divisions and\n                  maintain contacts with other federal, state and local governments, and the\n                  private sector to fulfill its mission.\n\nIssues for Inspections/Evaluations\n               As we studied IAIP in order to understand its mission and how its offices and\n               divisions operate, we identified several issues that could be impeding the ability\n               of IAIP to become fully operational. Consequently, these issues may be suitable\n               for future inspections.\n\n       Hiring Personnel to Work in a Classified Environment Takes a\n       Substantial Amount of Time\n               Because of its close interaction with the intelligence and law enforcement\n               communities, IAIP handles some of the most sensitive work within DHS. To\n               work in this environment, most IAIP personnel require access to information that\n               is classified at the Top Secret level or higher. Obtaining the necessary clearance\n               can be a time consuming process for new employees. In some cases, it can take\n               a year or more before a background investigation can be completed and the new\n               employee is deemed suitable for a clearance. Even when the person hired already\n               has a security clearance, a full background investigation may still be necessary\n               because clearances are not universally accepted by other agencies within the\n               intelligence and law enforcement communities. For these reasons, a majority of\n               IAIP executives interviewed by the OIG identified hiring personnel who can work\n               quickly within a classified environment as one of the major obstacles impeding\n               the directorate\xe2\x80\x99s ability to become fully operational.\n\n               The time necessary to obtain a clearance is also an impediment for state, local,\n               and private sector personnel. The delay affects both the general distribution of\n               threat information and the actual participation of state, local, private sector, and\n               contract support personnel on IAIP analytical teams or in the HSOC. A recent\n               executive order granted the Secretary authority to set the standard for security\n\n\n\n                    Survey of IAIP Directorate - OIG-04-13                                    Page 21\n\x0c                         clearances going to state, local, and private sector personnel. 14 Despite this\n                         authority, many state and local law enforcement personnel are experiencing\n                         significant delays in getting clearances to obtain information from federal\n                         sources. A future inspection could focus on whether the clearance process for\n                         DHS new hires and personnel from state and local governments, the private\n                         sector, and contractor support can be shortened without sacrificing security. Such\n                         an inspection could examine the feasibility of utilizing state and local police\n                         officers to augment the background investigative process. It may also examine\n                         the reasons agencies reject other agencies\xe2\x80\x99 decisions granting clearances and why\n                         there is no universally accepted clearance process.\n\n            The Ability of IAIP to Exchange Threat Information Electronically\n            with Partners is Necessary to Fulfill its Mission\n                         One of the keys to the success of DHS is establishing connectivity with both its\n                         internal and external partners. Having the capability to send and receive timely,\n                         accurate, and reliable information, is necessary if IAIP is to fulfill its mission as\n                         the lead intelligence gathering and warning directorate within DHS. In fact, the\n                         HSA requires DHS to establish procedures that facilitate the free exchange of\n                         threat information among agencies at all levels of government and the private\n                         sector. The HSA also requires DHS to report to congressional committees on how\n                         well it shares information with its partners.15\n\n                         To establish connectivity among its partners that is compatible, IAIP must have\n                         the necessary resources, including:\n\n                         \xe2\x80\xa2    personnel with the necessary security clearances and technical experience to\n                              operate and maintain information systems;\n                         \xe2\x80\xa2    facilities to receive and store intelligence data; and\n                         \xe2\x80\xa2    networks and messaging systems within IAIP that allow for secure electronic\n                              communication with internal, other federal, state, local, and private sector\n                              partners.\n\n                         IAIP has already begun to identify its top priorities for sharing and processing\n                         information.\n\n\n14\n   \xe2\x80\x9cBush Greenlights Ridge on Security Clearances Outside Beltway,\xe2\x80\x9d Congressional Quarterly, by Jim McGee, July 30,\n2003.\n15\n   These requirements are found in the Homeland Security Act, Section 892 (b)(1) & (2), and Section 893.\n\n\nPage 22                                         Survey of IAIP Directorate - OIG-04-13\n\x0c                                                                                                  A\n                         future inspection could identify                            IAIP\xe2\x80\x99s methodology\n                         for developing connectivity with its partners and make recommendations for\n                         corrective action.\n\n            Maintaining Close Partnerships that Facilitate Unobstructed\n            Information Flows is Crucial to the Success of IAIP\n                         DHS is now the cabinet-level department responsible for coordinating the\n                         protection of American citizens and infrastructure from terrorist attacks. The\n                         Secretary charged IAIP with carrying out this responsibility. Therefore, IAIP is\n                         accountable for transmitting terrorist threat information to its federal counterparts,\n                         as well as to state and local law enforcers -- our nation\xe2\x80\x99s first line of defense\n                         against terrorist attacks. IAIP also maintains channels to receive threat-related\n                         information. Information IAIP receives may originate from federal, state, local,\n                         private sector or any other sources. Since IAIP is an intelligence gatherer rather\n                         than an intelligence collector, its success is largely dependent on its federal, state\n                         and local, and private sector partnerships.\n\n                         The acting Assistant Secretary for IA expressed his satisfaction with the manner\n                         in which information flows both vertically (i.e., between IAIP and its state,\n                         local, and private sector partners), and horizontally (i.e., between IAIP and its\n                         federal partners such as the CIA, FBI, and other members of the intelligence\n                         community). However, in a recent congressional hearing,16 a member of the\n                         House Select Committee on Homeland Security stated, \xe2\x80\x9cIt is nearly two years\n                         since the attacks of September 11th, and information sharing on the terrorist threat\n                         to America is still dangerously disconnected between different agencies of the\n                         federal government and between the federal government and state and local law\n                         enforcement officials.\xe2\x80\x9d\n\n                         A future inspection could document the impact of security clearance issues on\n                         information sharing, particularly at the state, local, and private sector levels and\n                         connectivity and electronic data sharing issues among IAIP\xe2\x80\x99s federal partners. In\n                         addition, the study should chronicle the existence of conflicting or duplicative\n                         information channels within IAIP or among its state, local, and private sector\n                         or federal partners and how such alternative channels might be integrated. This\n\n\n16\n  Subcommittee on Intelligence and Counter-Terrorism to the House Select Committee on Homeland Security, \xe2\x80\x9c Improving\nthe Department of Homeland Security\xe2\x80\x99s Information Sharing Capabilities,\xe2\x80\x9d July 24, 2003.\n\n\n\n                              Survey of IAIP Directorate - OIG-04-13                                         Page 23\n\x0c                         review could complement a planned, internal IAIP study that will be conducted\n                         jointly with the Border and Transportation directorate.17\n\n            The Extent of IAIP\xe2\x80\x99s Involvement With the Homeland Security\n            Advisory System is Not Clear\n                         The purpose of HSAS is to provide a comprehensive and effective means\n                         to disseminate information regarding the risk of terrorist attacks to federal,\n                         state, and local authorities and to the American people. This advisory system\n                         characterizes appropriate levels of vigilance, preparedness, and readiness in a\n                         series of graduated threat conditions. As previously mentioned, the Secretary, in\n                         consultation with the HSC, determines the threat condition. IAIP supports the\n                         management of the HSAS by providing analysis of threat information in support\n                         of decisions to raise or lower the national threat level and for coordinating the\n                         actual notification of a threat condition change.\n\n                         Although IAIP participates in analyzing threat information in support of the\n                         HSAS, it is not clear what information is specific enough to act upon. The\n                         intelligence requirements for the different threat conditions are unclear. Also,\n                         as noted previously in the RAD discussion, not all threat information that could\n                         affect the threat condition is vetted through IAIP.\n\n                         Therefore, the OIG could initiate an inspection of how IAIP interacts with the\n                         Secretary and others involved in making the decision to elevate or lower the threat\n                         condition. Also, such an inspection could evaluate the adequacy and timeliness of\n                         information used for authorizing changes in the threat level.\n\n            IAIP Needs to Develop a Prioritized List of Critical Infrastructure and\n            Assets\n                         Identifying critical infrastructure is a critical step in implementing a national\n                         infrastructure protection plan. Once identified and validated, these critical\n                         infrastructure and key assets are catalogued into a prioritized national list that\n                         assigns the appropriate security level based on a comprehensive risk analysis of\n                         all assets identified on the list. It is expected that this national prioritized list will\n                         serve as a baseline for making decisions on which critical infrastructure and key\n                         assets to safeguard first. In line with this expectation, Congress has requested that\n\n17\n  July 31, 2003 memorandum from IAIP Under Secretary and the Border and Transportation Security Under Secretary,\n\xe2\x80\x9cInvitation to Participate in Joint Studies.\xe2\x80\x9d\n\n\nPage 24                                        Survey of IAIP Directorate - OIG-04-13\n\x0cIAIP provide a detailed program plan outlining a proposed scope, total estimated\ncosts, and schedule for completing a comprehensive risk analysis and assessment\nof vulnerabilities of the critical infrastructure by December 15, 2003.\n\nThe Protective Security Division (PSD) is responsible for maintaining a\nprioritized national list of critical infrastructure and key assets. Through\ninterviews, the OIG has learned that PSD has solicited data from state and local\npartners on certain critical infrastructure and key assets.\n\n\n\n\n    Survey of IAIP Directorate - OIG-04-13                                 Page 25\n\x0cAppendix A\nSummary of IAIP Statutory Functions\n\n\n                        Summary of IAIP Statutory Functions\n            No.                        Statutory Function\n             1    Vulnerability Assessment                                            IP\n             2    National Plan to Secure Infrastructure                              IP\n             3    \xe2\x80\x9cMap\xe2\x80\x9d Threats against vulnerabilities                               IP\n             4    Recommend Infrastructure Protective Measures                       IA/IP\n                  Ensure timely and efficient access to DHS of all homeland\n             5                                                                        IA\n                  security information\n             6    Administer the Homeland Security Advisory System                    IA\n                  Make recommendations for homeland security information\n             7                                                                        IA\n                  sharing policies\n                  Disseminate information analyzed by DHS to other federal,\n             8                                                                        IA\n                  state, and local government entities and the private sector\n                  Consult with appropriate federal Intelligence Community and\n             9    law enforcement officials to establish collection priorities and    IA\n                  strategies and represent DHS in all \xe2\x80\x9crequirements\xe2\x80\x9d processes.\n                  Consult with state and local governments and the private sector\n            10    to ensure appropriate exchanges of terrorist threat-related         IA\n                  information\n                  Ensure that information received is protected from\n             11   unauthorized disclosure and used only for the performance of       IA/IP\n                  official duties\n                  Request additional information from other federal, state, local\n            12                                                                       IA/IP\n                  government agencies and the private sector\n            13    Establish and use secure information technology infrastructure     IA/IP\n                  Ensure that information systems/databases are compatible with\n            14    one another and other federal agencies and treat information in    IA/IP\n                  accordance with applicable Federal privacy law\n                  Coordinate training and other support to DHS and other\n            15                                                                       IA/IP\n                  agencies to identify and share information\n                  Coordinate with IC elements and federal, state, and local law\n            16                                                                        IA\n                  enforcement agencies \xe2\x80\x9cas appropriate\xe2\x80\x9d\n                  Provide intelligence analysis and other support to the rest of\n            17                                                                        IA\n                  DHS\n            18    Perform such other duties as the Secretary may provide             IA/IP\n            19    Identify, Detect, and Assess Terrorist Threats to Homeland          IA\n\n\n\n\nPage 26                                 Survey of IAIP Directorate - OIG-04-13\n\x0c                                                                                                       Appendix B\n                                                  Lead Agencies and Critical Infrastructure Sectors and Key Assets\n\n                                                                              Critical Infrastructure\n                                            Lead Agency\n                                                                                     Sectors 18\n                         1      Department of Homeland Security                Emergency Services\n                                                                                  Information and\n                         2      Department of Homeland Security\n                                                                                Telecommunications\n                         3      Department of Homeland Security                     Transportation\n                         4      Department of Homeland Security                  Postal and Shipping\n                                Department of Homeland Security\n                         5                                                           Government\n                                  All departments and agencies\n                         6         Department of Agriculture                          Agriculture\n                                   Department of Agriculture\n                         7       Department of Health & Human                             Food\n                                           Services\n                         8      Environmental Protection Agency                          Water\n                                 Department of Health & Human\n                         9                                                           Public Health\n                                           Services\n                        10           Department of Defense                     Defense Industry Base\n                        11             Department of Energy                              Energy\n                        12          Department of the Treasury                  Banking and Finance\n                                                                                Chemical Industry &\n                        13      Environmental Protection Agency\n                                                                                Hazardous Materials\n\n\n                                                               Key Assets\n                         1                                Commercial Assets\n                         2                               Government Facilities\n                         3                                         Dams\n                         4                               Nuclear Power Plants\n                         5                               National Monuments\n\n\n18\n     Source: National Strategy for the Physical Protection of Critical Infrastructures dated February 2003.\n\n\n\n\n                                   Survey of IAIP Directorate - OIG-04-13                                     Page 27\n\x0cAppendix C\nIAIP Response to OIG\n\n\n\n\nPage 28                Survey of IAIP Directorate - OIG-04-13\n\x0c                                                                  Appendix D\n                                              Major Contributors to this Report\n\nBradley J. Harp, Program Analyst, Department of Homeland Security, Office of\nInspections, Evaluations, and Special Reviews\n\nCarlton I. Mann, Program Analyst, Department of Homeland Security, Office of\nInspections, Evaluations, and Special Reviews\n\nFrank A. Parrott, Program Analyst, Department of Homeland Security, Office of\nInspections, Evaluations, and Special Reviews\n\n\n\n\n    Survey of IAIP Directorate - OIG-04-13                              Page 29\n\x0cAppendix E\nReport Distribution\n\n                      Department of Homeland Security\n\n\n                      Under Secretary, Information Analysis and Infrastructure Protection Directorate,\n                      Department of Homeland Security\n\n\n\n\nPage 30                                  Survey of IAIP Directorate - OIG-04-13\n\x0c\x0cAdditional Information and Copies\n\nTo obtain additional copies of this report, call the Office of Inspector General (OIG),\nOffice of Inspections, Evaluations, and Special Reviews at (202) 254-4205 or 4208, or\nfax your request to (202) 254-4304.\n\nOIG Hotline\n\nTo report alleged fraud, waste, abuse or mismanagement, or any other kind of criminal\nor noncriminal misconduct relative to department programs or operations, call the OIG\nHotline at 1-800-323-8603 or write to Department of Homeland Security, Washington,\nDC 20528, Attn: Office of Inspector General, Investigations Division \xe2\x80\x93 Hotline. The OIG\nseeks to protect the identity of each writer and caller.\n\x0c'